Annual ThreatLabz Phishing Report Unveils Rapidly Evolving Phishing Landscape With Australia Revealed In Top 10 Countries Targeted Underlining the Need to Adopt a Zero Trust Architecture
· Vishing (voice phishing) and deepfake phishing attacks are on the rise as attackers leverage generative AI to amplify social engineering tactics.
· Australia is within the top 10 countries alongside US, UK, India and Germany targeted by phishing scams.
· Australia experiences a 479.3% surge in volume of phishing content
· Manufacturing was the most targeted industry which experienced the highest volume of attacks in Australia, Korea, Malaysia, Singapore, and Taiwan.
· ANZ Banking Group ranks 11th in the imitated brands of phishing attempts.
SYDNEY, Australia, May 28, 2024 – Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, announced the release of the Zscaler ThreatLabz 2024 Phishing Report, which analyses 2 billion blocked phishing transactions across the Zscaler Zero Trust Exchange™ platform, between January and December 2023, where Australia is listed as one of the top 10 countries identified as the main origins of phishing attack.
Overall, 2023 proved a significant year for phishing activity in Australia. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch service recorded nearly 109,000 reports of phishing-related scams, resulting in losses totaling AU$26.1 million. In the APJ region, India leads in Phishing attacks, with Australia following closely behind with 29,427,987 attacks. The report revealed that in the APJ region, Australia encountered 12.32% of phishing attempts and experienced a surge of 479.3% in the volume of phishing content hosted in Australia.
ThreatLabz data revealed a global year-over-year increase of nearly 60% in phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing. This year’s report includes actionable insights on phishing activity and tactics, along with offering best practices and strategies to enhance an organisation’s security posture to prevent and minimise related threats.
“The potential of AI is reshaping the cyberthreat landscape and redefining what is possible in the world of cyberattacks, particularly phishing scams. The findings show 29,427,987 attempts of phishing in Australia alone, emphasising the widespread threat posed by this type of attack” said Eric Swift, Area Vice President, ANZ at Zscaler. “Phishing remains a persistent threat and with the emergence of new technologies, it is crucial organisations understand the best practices to protect against phishing threats. The findings show a proactive zero trust approach with advanced AI-powered capabilities is imperative to address evolving threats.”
Manufacturing and Services sectors maintain their position as the most targeted industries in Australia
In Australia, manufacturers experienced the highest number of phishing attacks between January and December 2023, with 5,984,195 attacks recorded in the manufacturing sector and 5,776,337 attacks in the services sector. Following these sectors were industries such as Technology, Government, Education, Finance and Insurance, and Retail and Wholesale sectors in the region.
North America experienced more than half of all phishing attacks, with Australia rounding out the top 10
In 2023, the United States (55.9%) emerged as the top country targeted by phishing scams, followed by the United Kingdom (5.6%) and India (3.9%). The high occurrence of phishing in the U.S. is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions.
The majority of phishing attacks originated from the U.S., the U.K., and Russia, while Australia entered the top 10 due to a 479% year-over-year surge in the volume of phishing content hosted in the country.
Financial industry faces a nearly 400% increase in attacks
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase of attacks from the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.
The manufacturing industry also experienced a significant uptick (31%) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry’s vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorised access or disruption also grows.
Microsoft remains the most impersonated brand used in phishing attacks
ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms. ANZ Banking Group ranked eleventh among the top twenty enterprise brands imitated for phishing attacks.
Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five brands – serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.
How a Zero Trust architecture can mitigate phishing attacks
Organisations can implement a Zero Trust architecture with advanced AI-powered phishing prevention controls to effectively defend against the ever-evolving threat landscape highlighted in the report. The Zero Trust Exchange platform helps prevent conventional and AI-driven phishing attacks at multiple stages of the attack chain by:
· Preventing compromise: TLS/SSL inspection at scale, AI-powered browser isolation and policy-driven access controls prevent access to suspicious websites.
· Eliminating lateral movement: Users connect directly to applications, not the network, while AI-powered app segmentation limits the blast radius of a potential incident.
· Shutting down compromised users and insider threats: Inline inspection prevents private application exploit attempts, and integrated deception capabilities detect the most sophisticated attackers.
· Stopping data loss: Inspection of data in-motion and at-rest prevents potential theft by an active attacker.
For a deeper dive into best practices for protecting your organisation and to download the full Zscaler ThreatLabz 2024 Phishing Report, visit http://www.zscaler.com/campaign/threatlabz-phishing-report.
Methodology
Zscaler ThreatLabz analysed 2 billion blocked phishing transactions between January and December 2023, exploring various aspects including top phishing attacks, targeted countries, hosting countries for phishing content, distribution of company types based on server IP addresses, and the top referrers linked to these phishing attacks.
About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange™ is the world’s largest in-line cloud security platform.
